Salesforce Security Essentials – 7 Things to Keep in Mind
WithSecure Cloud Protection for Salesforce
trusted natively integrated solution that prevents attacks via files and URLs uploaded to Salesforce Clouds. It is used by the world’s largest enterprises across various industries and it seamlessly protects even the most complex environments.Learn more
Salesforce is the leading CRM system in the world and Salesforce Cloud applications such as Sales Cloud, Service Cloud, Experience Cloud, and Community Cloud are now a business-critical service for organizations across a wide range of industries and verticals.
The dawn of remote work has increased many companies’ reliance on platforms like Salesforce, as well as accelerated the adoption of cloud platforms for those that were not already utilizing them.
The speed of adoption has often meant that the security concerns associated with utilizing these platforms have been overlooked or at least not properly considered and addressed. However, given the wealth and variety of data that is being uploaded or shared on Salesforce and with data leaks and security breaches on the rise, making sure your data is secured is a top priority among companies.
Salesforce offer their customers a highly secure cloud infrastructure with a comprehensive set of security controls. However, it is up to customers to understand how to implement these controls and to be aware of the other security issues that utilizing cloud collaboration platforms introduces.
We’ve put together a short guide to introduce and explain what we see as the seven most important areas of data security for Salesforce users.
1. Understanding shared responsibility
As a Salesforce customer you always retain responsibility for everything that you upload to the platform, as well as managing the security of devices and identifies that you use to access the platform.
2. Enabling privileged-based access
Setting privileged-based access means ensuring that only authorized people can access your Salesforce environment. Salesforce simplified this process by formulating a data security model that breaks it down into four levels that make it easier for administrators to set rules and quickly assess the access-level of any particular user.
3. Defining organization-wide sharing rules
Salesforce provides its customers with tools to set organization-wide rules for who can access what, but it is your responsibility to understand and configure them. Rules you can set include the time and location that users can login from.
4. Enabling Clickjack protection
Clickjacking is a method used by cyber criminals to make a button or link appear to be from one website when really it’s from another. Salesforce has an in-built functionality which can be enabled through Session Settings in order to stop clickjack attacks. Thus allowing you to prevent these traps from appearing within your Salesforce environment.
5. Evaluating potential vulnerabilities
The first step for evaluating vulnerabilities is to run the in-built Salesforce Security Health Check by searching for it in the Quick Find Box. It is a tool that evaluates the level of security across several different metrics and classifies any issues by level of severity. It then gives you advice and access to further information on how to address the issues. and classifies any issues by level of severity. It then gives you advice and access to further information on how to address the issues.
6. Reviewing your data backup strategy
Even within a sophisticated cloud architecture like Salesforce, data loss is a possibility you should be prepared for. Make sure that you check the settings for how often backups are made and what is included in these backups so you have something to revert to in the event of disaster.
7. Securing data from external sources
If you are allowing external users access to your Salesforce environment, for example suppliers or customers, it is important to have a procedure to ensure they cannot access confidential data or upload malicious content. WithSecure’s Cloud Protection for Salesforce solution scans all content that is uploaded and blocks anything illegitimate.
Want to Learn More? Get in Touch for a Free Consultation!
Complete the form and we'll get back to you as soon as possible